Cenzic 232 Patent
Paid Advertising
web application security lab
« Banks, Businesses, Viruses and the UCC
RSA Conference Wrapup »

Facebook Patents Social Feeds and I Patent XSS

In honor of the USPO’s decision to allow Facebook’s patent for social feeds I decided to patent XSS. Please pay up. You know who you are. Thank you.

This entry was posted on Friday, February 26th, 2010 at 2:10 pm and is filed under XSS, Webappsec. Responses are currently closed, but you can trackback from your own site.

30 Responses to “Facebook Patents Social Feeds and I Patent XSS”

  1. Daniel Says:
    February 26th, 2010 at 2:14 pm

    IOU a % of my gross income for the rest of my career?…

    FUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU

  2. A Says:
    February 26th, 2010 at 2:39 pm

    alert(”best of luck”)

  3. Dr.Obvious Says:
    February 26th, 2010 at 2:39 pm

    I patent the facepalm. ./facepalm
    Works great!

  4. Wyatt Says:
    February 26th, 2010 at 3:53 pm

    Were you just sitting on that vulnerability waiting for the right time to make a zing?

  5. Dan Weber Says:
    February 26th, 2010 at 4:28 pm

    Well, someone must be paying attention, because it looks like they fixed the problem.

  6. Dan Weber Says:
    February 26th, 2010 at 4:29 pm

    Never mind, it was my browser intefering. I was kind of surprised that someone would fix the USPTO website on a Friday evening.

  7. swc|666 Says:
    February 26th, 2010 at 9:20 pm

    epic

  8. Tom T. Says:
    February 26th, 2010 at 9:52 pm

    I’ve XSSed the patent office web site, stolen your patent, and patented the “blog”. I look forward to your payments, along with millions of others.

    It will be a nice addition to the income from my patent on CSS.

  9. infinity Says:
    February 27th, 2010 at 4:02 am

    United States Patent 7,475,086 assigned to IBM:

    Method of automatically removing leading and trailing space characters from data being entered into a database system.

  10. Sniper Says:
    February 27th, 2010 at 4:39 am

    btw guys i found multiple “live” xss and sqli vulnerabilties of NASA.gov servers posted at pinoysecurity

  11. Jawdy Says:
    February 27th, 2010 at 5:06 am

    RSnake, you’re my hero.

  12. dew|frost Says:
    February 27th, 2010 at 7:32 am

    Sir, you are truly a genius.

    Also, did somebody already file to patent SQL injection? If not it’s a gap to be filled.

  13. Lysogen Says:
    February 27th, 2010 at 2:50 pm

    OMG LOLZ, RSnake- uber epic.

  14. anon Says:
    February 28th, 2010 at 3:39 am

    next time please put a warning its an actual XSS attempt against a gov site (id expect things like this wouldn’t be posted on the front page of this site, bad assumption i suppose).

  15. Wornstrom Says:
    February 28th, 2010 at 3:13 pm

    The URL, shown in the status bar on hover, is a pretty good warning.

  16. Dan Says:
    February 28th, 2010 at 6:32 pm

    Wow “anon” - you might be on to something here!

    Maybe we shouldn’t randomly click on URL’s on a web site called “ha.ckers.org”.

    Just a thought…

  17. digi7al64 Says:
    February 28th, 2010 at 8:06 pm

    I’ve got dibs on ‘prototype’ :p I’m gunna patent/copyrght it and sue everyone for infringement…. oh and btw, since I posted this on blog, the world must recoginise my claim! muhahahahahahaha!!!!11!!1

  18. Nilesh Says:
    February 28th, 2010 at 11:26 pm

    Good One …Rsnake! :D

  19. Johannes Says:
    March 1st, 2010 at 1:41 am

    Genious

  20. syed shah Says:
    March 1st, 2010 at 4:47 am

    I see you are hacking away at the google chat module. Don’t kill me please.

  21. Asdf Qwerty Says:
    March 1st, 2010 at 1:26 pm

    Nice find, i laughed.

    here’s another (2 actually)

    http://ebiz1.uspto.gov/vision-service/ShoppingCart_P/ShowShoppingCart?backUrl1=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&backLabel1=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E

  22. seoci Says:
    March 1st, 2010 at 2:23 pm

    @Dan

    It wasn’t just a link on a web site called ha.ckers.org, it was a link labeled “XSS”

    If that’s not a warning, I don’t know what is.

  23. Jason Says:
    March 3rd, 2010 at 4:08 pm

    The forever-alpha Firekeeper add-on for Firefox caught the XSS attempt by telling me that the GET request looked suspiciously like HTML and allowed me to block it.

    http://firekeeper.mozdev.org/

  24. obelix6 Says:
    March 5th, 2010 at 8:02 am

    Reported to US-CERT… let’s see just how long it takes someone to fix it…

  25. Eric Says:
    March 5th, 2010 at 8:38 pm

    @infinity - excellent discovery. I think its time to buy some IBM stock then, lots of people hate them whitespaces.

    I am sure someone has already patented something similar to social feeds, like a shoutbox, and will now probably sue Facebook… and to think our tax dollars go to pay experts to decide if its novel, original, and patentable.

  26. Kaze Says:
    March 9th, 2010 at 9:41 pm

    You are a god, lolz, i wanna learn if I wasn’t so damm cluttered with the boring stuffs, wanhhhhhhhhhhhhhhh teach me teach me teach me, *Dose not want to be E-Shanked so he stops* Well have a nice day then (n_n)

  27. avetis.kazarian Says:
    March 18th, 2010 at 4:59 am

    Ha Ha Ha !

    Just GREAT.

  28. ouch Says:
    April 5th, 2010 at 6:26 pm

    Wow, hover over with mouse really works. Nice one Rsnake.

  29. austin Says:
    July 30th, 2010 at 8:37 am

    yeah i seen the xss in the status bar…but i had to click it…i had to see if it would work…and i literally lol’d at work….im still giggling….

    i havent facepalmed so hard since i learned the uscan at wal-mart runs on xp…

  30. Denis Says:
    August 28th, 2010 at 10:28 am

    Amusingly, it’s still not fixed.